summaryrefslogtreecommitdiff
path: root/android/neverallow.go
diff options
context:
space:
mode:
Diffstat (limited to 'android/neverallow.go')
-rw-r--r--android/neverallow.go21
1 files changed, 21 insertions, 0 deletions
diff --git a/android/neverallow.go b/android/neverallow.go
index 7615ca805..70af2acc3 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -65,6 +65,7 @@ func init() {
AddNeverAllowRules(createKotlinPluginRule()...)
AddNeverAllowRules(createPrebuiltEtcBpDefineRule())
AddNeverAllowRules(createAutogenRroBpDefineRule())
+ AddNeverAllowRules(createNoSha1HashRule())
}
// Add a NeverAllow rule to the set of rules to apply.
@@ -297,19 +298,31 @@ func createLimitDirgroupRule() []Rule {
WithoutMatcher("visibility", InAllowedList([]string{"//trusty/vendor/google/aosp/scripts", "//trusty/vendor/google/proprietary/scripts"})).Because(reason),
NeverAllow().
ModuleType("genrule").
+ // TODO: remove the 4 below targets once new targets are submitted
Without("name", "trusty-arm64.lk.elf.gen").
Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen").
Without("name", "trusty-x86_64.lk.elf.gen").
Without("name", "trusty-x86_64-test.lk.elf.gen").
+ // trusty vm target names moving forward
+ Without("name", "trusty-test_vm-arm64.elf.gen").
+ Without("name", "trusty-test_vm-x86.elf.gen").
+ Without("name", "trusty-security_vm-arm64.elf.gen").
+ Without("name", "trusty-security_vm-x86.elf.gen").
Without("name", "trusty-widevine_vm-arm64.elf.gen").
Without("name", "trusty-widevine_vm-x86.elf.gen").
WithMatcher("dir_srcs", isSetMatcherInstance).Because(reason),
NeverAllow().
ModuleType("genrule").
+ // TODO: remove the 4 below targets once new targets are submitted
Without("name", "trusty-arm64.lk.elf.gen").
Without("name", "trusty-arm64-virt-test-debug.lk.elf.gen").
Without("name", "trusty-x86_64.lk.elf.gen").
Without("name", "trusty-x86_64-test.lk.elf.gen").
+ // trusty vm target names moving forward
+ Without("name", "trusty-test_vm-arm64.elf.gen").
+ Without("name", "trusty-test_vm-x86.elf.gen").
+ Without("name", "trusty-security_vm-arm64.elf.gen").
+ Without("name", "trusty-security_vm-x86.elf.gen").
Without("name", "trusty-widevine_vm-arm64.elf.gen").
Without("name", "trusty-widevine_vm-x86.elf.gen").
With("keep_gendir", "true").Because(reason),
@@ -324,6 +337,14 @@ func createFilesystemIsAutoGeneratedRule() Rule {
Because("is_auto_generated property is only allowed for filesystem modules in build/soong/fsgen directory")
}
+func createNoSha1HashRule() Rule {
+ return NeverAllow().
+ ModuleType("filesystem", "android_filesystem").
+ ModuleType("filesystem", "android_system_image").
+ With("avb_hash_algorithm", "sha1").
+ Because("sha1 is discouraged")
+}
+
func createKotlinPluginRule() []Rule {
kotlinPluginProjectsAllowedList := []string{
"external/kotlinc",
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-10-20 05:15:23 +0000